<?php
session_start();
//定义个常量，用来授权调用includes里面的文件
define('IN_TG',true);
define('IN_JS',"message");
//定义个常量，用来指定本页的内容
define('SCRIPT','message');
//引入公共文件
require dirname(__FILE__).'/includes/common.inc.php';
//判断是否登录了
if(empty($_COOKIE['username'])){
	_alert_close('请先登录');
}
if(!empty($_POST))
{
	if($_GET['action']=='write')
	{
		_check_code($_POST['code'],$_SESSION['code']);
		$sql="SELECT  tg_uniqid FROM tg_user WHERE tg_username='{$_SESSION['username']}'   LIMIT  1";
		if (!!$_rows = _fetch_array($sql))
		{
			_uniqid($_rows['tg_uniqid'],$_COOKIE['uniqid']);
		}
		include ROOT_PATH.'includes/check.func.php';
		$_clean = array();
		$_clean['touser'] = $_POST['touser'];
		$_clean['fromuser'] = $_SESSION['username'];
		$_clean['content'] = _check_content($_POST['content']);
		$_clean = _mysql_string($_clean);
		//不能添加自己
		if ($_clean['touser'] == $_clean['fromuser']) {
			_alert_close('请不要自己给自己留言！');
		}

		//添加留言信息
		$sql="INSERT INTO tg_message (tg_touser,tg_fromuser,tg_content,tg_date)VALUES ('{$_clean['touser']}','{$_clean['fromuser']}','{$_clean['content']}',NOW())";
		_query($sql);
		if (_affected_rows() == 1) {
			_close();
			//_session_destroy();
			_alert_close('留言成功！');
		} else {
			_close();
			//_session_destroy();
			_alert_back('留言失败！');
		}
	}
}
//获取数据
if (isset($_GET['id'])) {
	$sql="SELECT  tg_username  FROM  tg_user  WHERE  tg_id='{$_GET['id']}'  LIMIT  1 ";
	if (!!$_rows = _fetch_array($sql))
	{
		$_html = array();
		$_html['touser'] = $_rows['tg_username'];
		$_html = _html($_html);
	} else {
		_alert_close('不存在此用户！');
	}
} else {
	_alert_close('非法操作！');
}
?>
<?php
require ROOT_PATH.'includes/title.inc.php';
?>
<div id="message">
	<h3>写短信</h3>
	<form method="post" action="?action=write">
	<input type="hidden" name="touser" value="<?php echo $_html['touser'];?>" />
	<dl>
		<dd><input type="text" readonly="readonly" value="TO:<?php echo $_html['touser'];?>" class="text" /></dd>
		<dd><textarea name="content"></textarea></dd>
		<dd>验 证 码：<input type="text" name="code" class="text yzm"  /> <img src="code.php" id="code" onclick="javascript:this.src='code.php?tm='+Math.random();" /> <input type="submit" class="submit" value="发送短信" /></dd>
	</dl>
	</form>
</div>
</body>
</html>